Juan Antonio Calles: “Threat Hunting could improve detection and response capabilities against cryptojacking”

Juan Antonio Calles

“Over the last few years, the cybersecurity world has become hugely professional. Spain is becoming an international reference point. Proof of this lies in the large number of cybersecurity events that take place in our country.” These are the words of Juan Antonio Calles, CEO of Zerolynx and SCO of Osane. Before this, he worked as head of the KPMG cybersecurity laboratory, and head of the the Everis hacking center. As well as this, Juan Antonio also has several prestigious certificates, such as Certified Hacking Forensic Investigator (CHFI) from Ec-Council and CISA from ISACA.

Juan Antonio CallesJuan Antonio Calles

According to this IT security expert, the last 15 years have seen a tremendous evolution. “Security jobs used to focus on revising client websites and internal auditing to evaluate the security of the employees’ IT parks. The sector has got to a point now that, back then, was very difficult to predict.”

  • As companies increasingly adopt cloud strategies, how can we guarantee their security?

A few years ago, many companies thought they were safe with just a firewall to protect their perimeter. But this of course overlooked the fact that it’s not just external threats that need to be protected against: internal threats are just as importantNow boundaries are starting to disappear. If we add to this an amorphous cloud containing all our information, spread over several data centers all over the word, with different jurisdictions, the security environment starts to get complicated.

If we are determined to migrate to the cloud, it is vital to check whether we have the capacity to build a cloud over our infrastructure. Where possible, we have to properly evaluate possible vendors, and once decided, try to store data in an encrypted format.

  • The firmware of Nintendo Switch was hacked on the same day it was launched. How could Nintendo have avoided this kind of situation?

The case of the latest version of the firmware (v7.0.0) for the Nintendo console is a special one. It wasn’t a software vulnerability, but rather a problem with the console’s hardware. What happened in January is that they managed to crack the private keys that that version of the firmware is signed with, in order to be able to modify it. In this case, in order to fix it, the console’s hardware needs to be revised, something that Nintendo should already be working on.

On the other hand, in order to avoid software flaws, it is crucial to include security from the very first stages of its design: the so called shift left. Collaboratively integrating security into DevOps workflows, also known as DevSecOps, is an efficient way of preserving the quality and the security of the teamwork, the agility, and the speed of DevOps. These work models have been demonstrably successful compared to traditional models. They allow for the development of higher quality software, which is also more secure, without increasing development times or costs in any significant way.

  • What would you say are the leading threats to corporate cybersecurity at the moment?

One of the greatest threats is ransomware, especially for small and medium companies that don’t have the same level of security as larger organizations. One of the most commonly exploited points of entry for this kind of attack are remote accesses, via Team Viewer, VNC and other similar vectors. In order to mitigate such attacks, organizations must be sure to have robust VPNs that allow them to securely access the organization’s resources from outside, with 2FA to ensure that credential theft isn’t enough to gain remote access. Another vital step is restrictive network segmentation to contain any incident that could happen.

Another threat that keeps growing is cryptojacking, exploiting the processing power of exposed computers to mine cryptocurrencies. Practices such as threat hunting would allow organizations to actively find these kinds of threats, and would improve their detection and response capabilities.

Threats to critical infrastructures will continue to grow. This is especially true in the context of industry 4.0 where IT and OT networks are starting to work together, and PLCs and other components of the OT network acquire different transmission capacities to traditional cable-based network. In such complex case studies, it is necessary to create a hostile environment for the adversary. This includes optimal segmentation between OT and IT, avoiding direct exposure of the OT environment to the Internet (including access to vendors), deploying detection and response capabilities on machines that cover both environments, and maximizing the control of privileged accounts.

Finally, one of the threats that we’ll keep coming across in organizations and industrial environments is industrial espionage. Even with particularly high levels of security, there are always weak links that could go unnoticed in traditional pen testing processes. For example, one of the most noteworthy examples is the use of video conference systems. They are rarely well protected, and their communications are more often than not unencrypted.

Don’t miss the second half of our interview with Juan Antonio Calles, where we will discuss cyber-resilience, biohacking, and digital forensics.

The post Juan Antonio Calles: “Threat Hunting could improve detection and response capabilities against cryptojacking” appeared first on Panda Security Mediacenter.

Article Link: https://www.pandasecurity.com/mediacenter/panda-security/juan-antonio-calles-guest-post/